/*
* public AudioStream(NetworkHost sourceHost, NetworkHost destinationHost, AudioFormat format,
* FileTransfer.FileStreamAssemblerList fileStreamAssemblerList, FiveTuple fiveTuple, long initialFrameNumber) {
*/
public AudioStream(NetworkHost sourceHost, NetworkHost destinationHost, PacketParser.PacketHandlers.RtpPacketHandler.RtpPayloadType format, FileTransfer.FileStreamAssemblerList fileStreamAssemblerList, FiveTuple fiveTuple, long initialFrameNumber)
{
this.SourceHost = sourceHost;
this.DestinationHost = destinationHost;
this.Format = format;
//this.Assembler = assembler;
this.fileStreamAssemblerList = fileStreamAssemblerList;
this.FiveTuple = fiveTuple;
this.initialFrameNumber = initialFrameNumber;
this.sampleCount = 0;
this.tempFS = new System.IO.FileStream(System.IO.Path.GetTempFileName(), System.IO.FileMode.Create, System.IO.FileAccess.ReadWrite, System.IO.FileShare.Read, 262144);
this.sampleInfo = new List <SampleChunkInfo>();
}
internal void RemoveData(uint firstSequenceNumber, int bytesToRemove, NetworkHost sourceHost, ushort sourceTcpPort)
{
if (sourceHost == this.ServerHost && sourceTcpPort == this.ServerTcpPort)
{
this.ServerToClientTcpDataStream.RemoveData(firstSequenceNumber, bytesToRemove);
}
else if (sourceHost == this.ClientHost && sourceTcpPort == this.ClientTcpPort)
{
this.ClientToServerTcpDataStream.RemoveData(firstSequenceNumber, bytesToRemove);
}
else
{
throw new Exception("NetworkHost is not part of the NetworkTcpSession");
}
}
internal NetworkPacket(NetworkHost sourceHost, NetworkHost destinationHost, Packets.AbstractPacket ipPacket)
{
this.tcpSynFlag = false;
this.tcpSynAckFlag = false;
this.tcpPacketByteCount = 0;
this.sourceHost = sourceHost;
this.destinationHost = destinationHost;
this.packetBytes = ipPacket.PacketEndIndex - ipPacket.PacketStartIndex + 1;
this.timestamp = ipPacket.ParentFrame.Timestamp;
//this.cleartextWords=new List<string>();
this.payloadBytes = 0;
this.cleartextBytes = 0;
//these have to be set after for example SetPayload()
//sourceHost.SentPackets.Add(this);
//destinationHost.ReceivedPackets.Add(this);
}
/*
* public AudioStream(NetworkHost sourceHost, NetworkHost destinationHost, AudioFormat format,
* FileTransfer.FileStreamAssemblerList fileStreamAssemblerList, FiveTuple fiveTuple, long initialFrameNumber) {
*/
public AudioStream(NetworkHost sourceHost, NetworkHost destinationHost, PacketParser.PacketHandlers.RtpPacketHandler.RtpPayloadType format, FileTransfer.FileStreamAssemblerList fileStreamAssemblerList, FiveTuple fiveTuple, long initialFrameNumber)
{
this.SourceHost = sourceHost;
this.DestinationHost = destinationHost;
this.Format = format;
//this.Assembler = assembler;
this.fileStreamAssemblerList = fileStreamAssemblerList;
this.FiveTuple = fiveTuple;
this.initialFrameNumber = initialFrameNumber;
this.sampleCount = 0;
//The GetTempFileName method will raise an IOException if it is used to create more than 65535 files without deleting previous temporary files.
//The GetTempFileName method will raise an IOException if no unique temporary file name is available.To resolve this error, delete all unneeded temporary files.
this.tempFileName = System.IO.Path.GetTempFileName();
FileTransfer.FileStreamAssemblerList.TempFileHandlers.Add(this);
this.tempFileStream = new System.IO.FileStream(tempFileName, System.IO.FileMode.Create, System.IO.FileAccess.ReadWrite, System.IO.FileShare.Read, 262144);
this.sampleInfo = new List <SampleChunkInfo>();
}
public int CompareTo(NetworkHost host)
{
if (this.IPAddress.Equals(host.IPAddress))
{
return(0);
}
else
{
byte[] localBytes = this.IPAddress.GetAddressBytes();
byte[] remoteBytes = host.IPAddress.GetAddressBytes();
if (localBytes.Length != remoteBytes.Length)
{
return(localBytes.Length - remoteBytes.Length);
}
for (int i = 0; i < localBytes.Length && i < remoteBytes.Length; i++)
{
if (localBytes[i] != remoteBytes[i])
{
return(localBytes[i] - remoteBytes[i]);
}
}
return(0);
}
}
internal void Add(NetworkHost host)
{
//NetworkHost host=new NetworkHost(ip);
//uint ipUint=ByteConverter.ToUInt32(host.IPAddress);
this.networkHostDictionary.Add(Utils.ByteConverter.ToUInt32(host.IPAddress), host);
}
internal NetworkCredential(NetworkHost client, NetworkHost server, string protocolString, string username, DateTime loginTimestamp, string domain = null)
: this(client, server, protocolString, username, null, loginTimestamp, domain)
{
}
internal void RemoveData(TcpDataStream.VirtualTcpData virtualTcpData, NetworkHost sourceHost, ushort sourceTcpPort)
{
this.RemoveData(virtualTcpData.FirstPacketSequenceNumber, virtualTcpData.ByteCount, sourceHost, sourceTcpPort);
}
public bool TryAddPacket(Packets.TcpPacket tcpPacket, NetworkHost sourceHost, NetworkHost destinationHost)
{
if (this.sessionClosed)
{
return(false);
}
//Make sure the hosts are correct
if (sourceHost == this.ClientHost && tcpPacket.SourcePort == this.ClientTcpPort)//client -> server
{
if (destinationHost != this.ServerHost)
{
return(false);
}
if (tcpPacket.SourcePort != this.ClientTcpPort)
{
return(false);
}
if (tcpPacket.DestinationPort != this.ServerTcpPort)
{
return(false);
}
}
else if (sourceHost == this.ServerHost && tcpPacket.SourcePort == this.ServerTcpPort)//server -> client
{
if (destinationHost != ClientHost)
{
return(false);
}
if (tcpPacket.SourcePort != ServerTcpPort)
{
return(false);
}
if (tcpPacket.DestinationPort != ClientTcpPort)
{
return(false);
}
}
else//unknown direction
{
return(false);
}
//this.latestPacketTimestamp=tcpPacket.ParentFrame.Timestamp;
this.flow.EndTime = tcpPacket.ParentFrame.Timestamp;
//Check TCP handshake
if (!this.synPacketReceived) //SYN (client->server)
{
if (tcpPacket.FlagBits.Synchronize && sourceHost == this.ClientHost)
{
this.synPacketReceived = true;
}
else
{
return(false);
}
}
else if (!this.synAckPacketReceived) //SYN+ACK (server->client)
{
if (tcpPacket.FlagBits.Synchronize && tcpPacket.FlagBits.Acknowledgement && sourceHost == this.ServerHost)
{
this.synAckPacketReceived = true;
}
else
{
return(false);
}
}
else if (!this.sessionEstablished) //ACK (client->server)
{
if (tcpPacket.FlagBits.Acknowledgement && sourceHost == this.ClientHost)
{
this.SetEstablished(tcpPacket.SequenceNumber, tcpPacket.AcknowledgmentNumber);
}
else
{
return(false);
}
}
//FIN and RST is handeled lower down
//else{//an established and not closed session!
if (tcpPacket.PayloadDataLength > 0)
{
this.protocolFinder.AddPacket(tcpPacket, sourceHost, destinationHost);
try {
//If we've come this far the packet should be allright for the networkSession
byte[] tcpSegmentData = tcpPacket.GetTcpPacketPayloadData();
//now add the data to the server to calculate service statistics for the open port
NetworkServiceMetadata networkServiceMetadata = null;
lock (this.ServerHost.NetworkServiceMetadataList) {
if (!this.ServerHost.NetworkServiceMetadataList.ContainsKey(this.ServerTcpPort))
{
networkServiceMetadata = new NetworkServiceMetadata(this.ServerHost, this.ServerTcpPort);
this.ServerHost.NetworkServiceMetadataList.Add(this.ServerTcpPort, networkServiceMetadata);
}
else
{
networkServiceMetadata = this.ServerHost.NetworkServiceMetadataList[this.ServerTcpPort];
}
}
//now, lets extract some data from the TCP packet!
if (sourceHost == this.ServerHost && tcpPacket.SourcePort == this.ServerTcpPort)
{
networkServiceMetadata.OutgoingTraffic.AddTcpPayloadData(tcpSegmentData);
//this.clientToServerTcpDataStream.AddTcpData(tcpPacket.SequenceNumber, tcpSegmentData);
if (this.serverToClientTcpDataStream == null)
{
this.serverToClientTcpDataStream = new TcpDataStream(tcpPacket.SequenceNumber, false, this);
}
if (this.requiredNextTcpDataStreamIsClientToServer == null && this.serverToClientTcpDataStream.TotalByteCount == 0)
{
this.requiredNextTcpDataStreamIsClientToServer = false;
}
this.serverToClientTcpDataStream.AddTcpData(tcpPacket.SequenceNumber, tcpSegmentData);
}
else
{
networkServiceMetadata.IncomingTraffic.AddTcpPayloadData(tcpSegmentData);
//this.serverToClientTcpDataStream.AddTcpData(tcpPacket.SequenceNumber, tcpSegmentData);
if (this.clientToServerTcpDataStream == null)
{
this.clientToServerTcpDataStream = new TcpDataStream(tcpPacket.SequenceNumber, true, this);
}
if (this.requiredNextTcpDataStreamIsClientToServer == null && this.clientToServerTcpDataStream.TotalByteCount == 0)
{
this.requiredNextTcpDataStreamIsClientToServer = true;
}
this.clientToServerTcpDataStream.AddTcpData(tcpPacket.SequenceNumber, tcpSegmentData);
}
}
catch (Exception ex) {
if (!tcpPacket.ParentFrame.QuickParse)
{
tcpPacket.ParentFrame.Errors.Add(new Frame.Error(tcpPacket.ParentFrame, tcpPacket.PacketStartIndex, tcpPacket.PacketEndIndex, ex.Message));
}
return(false);
}
}
//}
//se if stream should be closed
if (tcpPacket.FlagBits.Reset)//close no matter what
{
this.Close();
}
else if (tcpPacket.FlagBits.Fin)//close nicely
{
if (!this.finPacketReceived)
{
this.finPacketReceived = true;
if (sourceHost == this.ServerHost && tcpPacket.SourcePort == this.ServerTcpPort)
{
this.serverToClientFinPacketSequenceNumber = tcpPacket.SequenceNumber;
}
else
{
this.clientToServerFinPacketSequenceNumber = tcpPacket.SequenceNumber;
}
}
else if (tcpPacket.FlagBits.Acknowledgement)//fin+ack
{
this.Close();
}
}
return(true);
}
/// <summary>
/// Creates a truncated TCP session where the initial 3 way handshake is missing
/// </summary>
/// <param name="sourceHost"></param>
/// <param name="destinationHost"></param>
/// <param name="tcpPacket"></param>
public NetworkTcpSession(NetworkHost sourceHost, NetworkHost destinationHost, Packets.TcpPacket tcpPacket, ISessionProtocolFinderFactory protocolFinderFactory)
{
//this part is used to create a cropped (truncated) session where the beginning is missing!
//this.synPacketTimestamp=tcpPacket.ParentFrame.Timestamp;
this.synPacketReceived = true;
this.synAckPacketReceived = true;
this.finPacketReceived = false;
this.sessionEstablished = false;//I will change this one soon,...
this.sessionClosed = false;
this.startFrameNumber = tcpPacket.ParentFrame.FrameNumber;
this.clientToServerTcpDataStream = null;
this.serverToClientTcpDataStream = null;
//now let's do a qualified guess of who is the server and who is client...
FiveTuple fiveTuple;
System.Collections.Generic.List <ApplicationLayerProtocol> sourcePortProtocols = new List <ApplicationLayerProtocol>(TcpPortProtocolFinder.GetProbableApplicationLayerProtocols(tcpPacket.SourcePort, tcpPacket.SourcePort));
System.Collections.Generic.List <ApplicationLayerProtocol> destinationPortProtocols = new List <ApplicationLayerProtocol>(TcpPortProtocolFinder.GetProbableApplicationLayerProtocols(tcpPacket.DestinationPort, tcpPacket.DestinationPort));
if (sourcePortProtocols.Count > destinationPortProtocols.Count) //packet is server -> client
//this.clientHost=destinationHost;
//this.serverHost=sourceHost;
//this.clientTcpPort=tcpPacket.DestinationPort;
//this.serverTcpPort=tcpPacket.SourcePort;
{
fiveTuple = new FiveTuple(destinationHost, tcpPacket.DestinationPort, sourceHost, tcpPacket.SourcePort, FiveTuple.TransportProtocol.TCP);
this.flow = new NetworkFlow(fiveTuple, tcpPacket.ParentFrame.Timestamp, tcpPacket.ParentFrame.Timestamp, 0, 0);
this.SetEstablished(tcpPacket.AcknowledgmentNumber, tcpPacket.SequenceNumber);
}
else if (destinationPortProtocols.Count > 0) //packet is client -> server
//this.clientHost=sourceHost;
//this.serverHost=destinationHost;
//this.clientTcpPort=tcpPacket.SourcePort;
//this.serverTcpPort=tcpPacket.DestinationPort;
{
fiveTuple = new FiveTuple(sourceHost, tcpPacket.SourcePort, destinationHost, tcpPacket.DestinationPort, FiveTuple.TransportProtocol.TCP);
this.flow = new NetworkFlow(fiveTuple, tcpPacket.ParentFrame.Timestamp, tcpPacket.ParentFrame.Timestamp, 0, 0);
this.SetEstablished(tcpPacket.SequenceNumber, tcpPacket.AcknowledgmentNumber);
}
else if (tcpPacket.SourcePort < tcpPacket.DestinationPort)//packet is server -> client
//this.clientHost=destinationHost;
//this.serverHost=sourceHost;
//this.clientTcpPort=tcpPacket.DestinationPort;
//this.serverTcpPort=tcpPacket.SourcePort;
{
fiveTuple = new FiveTuple(destinationHost, tcpPacket.DestinationPort, sourceHost, tcpPacket.SourcePort, FiveTuple.TransportProtocol.TCP);
this.flow = new NetworkFlow(fiveTuple, tcpPacket.ParentFrame.Timestamp, tcpPacket.ParentFrame.Timestamp, 0, 0);
this.SetEstablished(tcpPacket.AcknowledgmentNumber, tcpPacket.SequenceNumber);
}
else //packet is client -> server
//this.clientHost=sourceHost;
//this.serverHost=destinationHost;
//this.clientTcpPort=tcpPacket.SourcePort;
//this.serverTcpPort=tcpPacket.DestinationPort;
{
fiveTuple = new FiveTuple(sourceHost, tcpPacket.SourcePort, destinationHost, tcpPacket.DestinationPort, FiveTuple.TransportProtocol.TCP);
this.flow = new NetworkFlow(fiveTuple, tcpPacket.ParentFrame.Timestamp, tcpPacket.ParentFrame.Timestamp, 0, 0);
this.SetEstablished(tcpPacket.SequenceNumber, tcpPacket.AcknowledgmentNumber);
}
this.protocolFinder = protocolFinderFactory.CreateProtocolFinder(this.flow, this.startFrameNumber);
}
public NetworkTcpSession(Packets.TcpPacket tcpSynPacket, NetworkHost clientHost, NetworkHost serverHost, ISessionProtocolFinderFactory protocolFinderFactory)
{
if (tcpSynPacket.FlagBits.Synchronize) //It's normal to start the session with a SYN flag
{
FiveTuple fiveTuple = new FiveTuple(clientHost, tcpSynPacket.SourcePort, serverHost, tcpSynPacket.DestinationPort, FiveTuple.TransportProtocol.TCP);
this.flow = new NetworkFlow(fiveTuple, tcpSynPacket.ParentFrame.Timestamp, tcpSynPacket.ParentFrame.Timestamp, 0, 0);
//this.synPacketTimestamp=tcpSynPacket.ParentFrame.Timestamp;
//this.clientHost=clientHost;
//this.serverHost=serverHost;
//this.clientTcpPort=tcpSynPacket.SourcePort;
//this.serverTcpPort=tcpSynPacket.DestinationPort;
this.synPacketReceived = false;
this.synAckPacketReceived = false;
this.finPacketReceived = false;
this.clientToServerFinPacketSequenceNumber = UInt32.MaxValue;
this.serverToClientFinPacketSequenceNumber = UInt32.MaxValue;
this.sessionEstablished = false;
this.sessionClosed = false;
this.startFrameNumber = tcpSynPacket.ParentFrame.FrameNumber;
this.clientToServerTcpDataStream = null;
this.serverToClientTcpDataStream = null;
this.protocolFinder = protocolFinderFactory.CreateProtocolFinder(this.flow, this.startFrameNumber);
}
else
{
throw new Exception("SYN flag not set on TCP packet");
}
}
private TcpPortProtocolFinder(NetworkHost client, NetworkHost server, ushort clientPort, ushort serverPort, long startFrameNumber, DateTime startTimestamp, PacketHandler packetHandler)
{
this.probableProtocols = new List <ApplicationLayerProtocol>();
this.confirmedProtocol = ApplicationLayerProtocol.Unknown;
this.client = client;
this.server = server;
this.clientPort = clientPort;
this.serverPort = serverPort;
this.startFrameNumber = startFrameNumber;
this.startTimestamp = startTimestamp;
this.packetHandler = packetHandler;
if (this.serverPort == 21 || this.serverPort == 8021)
{
this.probableProtocols.Add(ApplicationLayerProtocol.FtpControl);
}
if (this.serverPort == 22)
{
this.probableProtocols.Add(ApplicationLayerProtocol.Ssh);
}
if (this.serverPort == 25 || this.serverPort == 587)
{
this.probableProtocols.Add(ApplicationLayerProtocol.Smtp);
}
if (this.serverPort == 53)
{
this.probableProtocols.Add(ApplicationLayerProtocol.Dns);
}
if (this.serverPort == 80 ||
this.serverPort == 631 || //IPP
this.serverPort == 5985 ||
this.serverPort == 8080 ||
this.serverPort == 3128 ||
this.ServerPort == 10080 ||
this.serverPort == 11371) //TCP 3128 = Squid proxy: http://www.squid-cache.org/Doc/config/http_port/
{
this.probableProtocols.Add(ApplicationLayerProtocol.Http);
}
if (this.serverPort == 80 || this.serverPort == 10080)
{
this.probableProtocols.Add(ApplicationLayerProtocol.Http2);
}
if (this.serverPort == 88 || this.clientPort == 88)
{
this.probableProtocols.Add(ApplicationLayerProtocol.Kerberos);
}
if (this.serverPort == 102 || this.serverPort == 3389)//102 = Siemens S7, 3389 = RDP
{
this.probableProtocols.Add(ApplicationLayerProtocol.Tpkt);
}
if (this.serverPort == 110)
{
this.probableProtocols.Add(ApplicationLayerProtocol.Pop3);
}
if (this.serverPort == 137 || this.clientPort == 137)
{
this.probableProtocols.Add(ApplicationLayerProtocol.NetBiosNameService);
}
if (this.serverPort == 143 || this.serverPort == 220)
{
this.probableProtocols.Add(ApplicationLayerProtocol.Imap);
}
if (this.serverPort == 139 || this.clientPort == 139)
{
this.probableProtocols.Add(ApplicationLayerProtocol.NetBiosSessionService);
}
if (
this.serverPort == 443 ||
this.serverPort == 465 ||
this.serverPort == 563 ||
this.serverPort == 614 ||
this.serverPort == 636 ||
this.serverPort == 992 ||
this.serverPort == 993 ||
this.serverPort == 994 ||
this.serverPort == 995 ||
this.serverPort == 989 ||
this.serverPort == 990 ||
this.serverPort == 5061 ||
this.serverPort == 5223 ||
this.serverPort == 5986 ||
this.serverPort == 8170 ||
this.serverPort == 8443 ||
this.serverPort == 9001 ||
this.serverPort == 9030 ||
this.serverPort == 10443)
{
/*From: http://www.rickk.com/sslwrap/
*
* According to IANA, the following port numbers have been assigned for SSL:
* https 443/tcp # http protocol over TLS/SSL
* smtps 465/tcp # smtp protocol over TLS/SSL
* nntps 563/tcp # nttp protocol over TLS/SSL
* sshell 614 tcp SSLshell
* ldaps 636 tcp ldap protocol over TLS/SSL (was sldap)
* telnets 992/tcp # telnet protocol over TLS/SSL
* imaps 993/tcp # imap4 protocol over TLS/SSL
* ircs 994/tcp # irc protocol over TLS/SSL
* pop3s 995/tcp # POP3 protocol over TLS/SSL
* ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
* ftps 990/tcp # ftp protocol, control, over TLS/SSL
*
* */
this.probableProtocols.Add(ApplicationLayerProtocol.Ssl);
}
if (this.serverPort == 445 || this.clientPort == 445)
{
this.probableProtocols.Add(ApplicationLayerProtocol.NetBiosSessionService);
}
if (this.serverPort == 1080 ||
this.serverPort == 9040 ||
this.serverPort == 9050 ||
this.serverPort == 9051 ||
this.serverPort == 9150 ||
(this.server != null && System.Net.IPAddress.IsLoopback(this.server.IPAddress) && this.ServerPort > 1024))
{
this.probableProtocols.Add(ApplicationLayerProtocol.Socks);
}
if (this.serverPort == 1433)
{
this.probableProtocols.Add(ApplicationLayerProtocol.TabularDataStream);
}
if (this.serverPort == 4070)
{
this.probableProtocols.Add(ApplicationLayerProtocol.SpotifyServerProtocol);
}
if (this.serverPort == 194 || (this.serverPort >= 6660 && this.serverPort <= 6670) || this.serverPort == 7777 || (this.serverPort >= 6112 && this.serverPort <= 6119))
{
this.probableProtocols.Add(ApplicationLayerProtocol.Irc);
}
if (this.serverPort == 6633 || this.clientPort == 6633)
{
this.probableProtocols.Add(ApplicationLayerProtocol.OpenFlow);
}
if (this.serverPort == 5190 || this.clientPort == 5190 || this.clientPort == 443 || this.serverPort == 443)
{
this.probableProtocols.Add(ApplicationLayerProtocol.Oscar);
}
if (this.serverPort == 5190 || this.clientPort == 5190 || this.clientPort == 443 || this.serverPort == 443)
{
this.probableProtocols.Add(ApplicationLayerProtocol.OscarFileTransfer);
}
if (this.ServerPort == 5060 || this.clientPort == 5060)
{
this.probableProtocols.Add(ApplicationLayerProtocol.Sip);
}
if (this.serverPort == 2404 || this.clientPort == 2404)
{
this.probableProtocols.Add(ApplicationLayerProtocol.IEC_104);
}
if (this.serverPort == 502 || this.clientPort == 502)
{
this.probableProtocols.Add(ApplicationLayerProtocol.ModbusTCP);
}
}
internal TcpPortProtocolFinder(NetworkFlow flow, long startFrameNumber, PacketHandler packetHandler, NetworkHost nextHopServer, ushort nextHopServerPort) : this(flow.FiveTuple.ClientHost, nextHopServer, flow.FiveTuple.ClientPort, nextHopServerPort, startFrameNumber, flow.StartTime, packetHandler)
{
this.flow = flow;
}
public void AddPacket(PacketParser.Packets.TcpPacket tcpPacket, NetworkHost source, NetworkHost destination)
{
//do nothing
}
public static NetworkCredential GetNetworkCredential(System.Collections.Specialized.NameValueCollection parameters, NetworkHost client, NetworkHost server, string protocolString, DateTime timestamp)
{
if (parameters == null)
{
return(null);
}
//check for credentials (usernames and passwords)
string username = null;
string usernameGuess = null;
string password = null;
string passwordGuess = null;
foreach (string key in parameters)
{
/** EXACT MATCHES **/
if (key.Equals("user[screen_name]")) //twitter
{
username = parameters[key];
}
else if (key.Equals("gmailchat"))
{
username = parameters[key];
if (password == null)
{
password = "******";
}
}
else if (key.Equals("login_str"))
{
username = "******" + parameters[key];
if (password == null)
{
password = "******";
}
}
//SquirrelMail login uses login_username / secretkey
else if (key.Equals("login_username"))
{
username = parameters[key];
}
else if (key.Equals("secretkey"))
{
password = parameters[key];
}
else if (key.Equals("xml") && parameters[key].Contains("mail_inc_pass"))
{
//Parsing of credentials from AfterLogic webmail service
System.Xml.XmlDocument xmlDoc = new System.Xml.XmlDocument();
xmlDoc.LoadXml(parameters[key]);
System.Xml.XmlNode passwordNode = xmlDoc.SelectSingleNode("/webmail/param[@name='mail_inc_pass']");
System.Xml.XmlNode emailNode = xmlDoc.SelectSingleNode("/webmail/param[@name='email']");
System.Xml.XmlNode loginNode = xmlDoc.SelectSingleNode("/webmail/param[@name='mail_inc_login']");
if (password == null && passwordNode != null && passwordNode.InnerText != null && passwordNode.InnerText.Length > 0)
{
password = passwordNode.InnerText;
}
if (username == null && emailNode != null && emailNode.InnerText != null && emailNode.InnerText.Length > 0)
{
username = emailNode.InnerText;
}
else if (username == null && loginNode != null && loginNode.InnerText != null && loginNode.InnerText.Length > 0)
{
username = loginNode.InnerText;
}
}
else if (key.Equals("profile_id"))
{
username = "******" + parameters[key];
if (password == null)
{
password = "******";
}
}
/** WILDCARD MATCHES **/
else if (key.ToLower().Contains("username"))
{
usernameGuess = parameters[key];
}
else if (key.ToLower().Contains("password"))
{
passwordGuess = parameters[key];
}
else if (key.ToLower().Contains("user") || key.ToLower().Contains("usr"))
{
usernameGuess = parameters[key];
}
else if (key.ToLower().Contains("pass") || key.ToLower().Contains("pw"))
{
passwordGuess = parameters[key];
}
else if (usernameGuess == null && key.ToLower().Contains("mail"))
{
usernameGuess = parameters[key];
}
else if (usernameGuess == null && key.ToLower().Contains("log"))
{
usernameGuess = parameters[key];
}
}
if (username == null)
{
username = usernameGuess;
}
if (password == null)
{
password = passwordGuess;
}
if (username != null && password != null)
{
return(new NetworkCredential(client, server, protocolString, username, password, timestamp));
}
else if (username != null)
{
return(new NetworkCredential(client, server, protocolString, username, timestamp));
}
else
{
return(null);
}
}
internal NetworkCredential(NetworkHost client, NetworkHost server, string protocolString, string username, string password, DateTime loginTimestamp)
: this(client, server, protocolString, username, password, false, loginTimestamp)
{
}
public static string GetCredentialSessionString(NetworkHost client, NetworkHost server, string protocolString)
{
return(client.IPAddress.ToString() + server.IPAddress.ToString() + protocolString);
}
//this constructor should only be called by the PortProtocolFinderFactory
internal TcpPortProtocolFinder(NetworkHost client, NetworkHost server, ushort clientPort, ushort serverPort, int startFrameNumber, DateTime startTimestamp, PacketHandler packetHandler)
{
this.probableProtocols = new List <ApplicationLayerProtocol>();
this.confirmedProtocol = ApplicationLayerProtocol.Unknown;
this.client = client;
this.server = server;
this.clientPort = clientPort;
this.serverPort = serverPort;
this.startFrameNumber = startFrameNumber;
this.startTimestamp = startTimestamp;
this.packetHandler = packetHandler;
if (this.serverPort == 21 || this.serverPort == 8021)
{
this.probableProtocols.Add(ApplicationLayerProtocol.FtpControl);
}
if (this.serverPort == 22)
{
this.probableProtocols.Add(ApplicationLayerProtocol.Ssh);
}
if (this.serverPort == 25 || this.serverPort == 587)
{
this.probableProtocols.Add(ApplicationLayerProtocol.Smtp);
}
if (this.serverPort == 80 || this.serverPort == 8080 || this.serverPort == 3128) //TCP 3128 = Squid proxy: http://www.squid-cache.org/Doc/config/http_port/
{
this.probableProtocols.Add(ApplicationLayerProtocol.Http);
}
if (this.serverPort == 137 || this.clientPort == 137)
{
this.probableProtocols.Add(ApplicationLayerProtocol.NetBiosNameService);
}
if (this.serverPort == 139 || this.clientPort == 139)
{
this.probableProtocols.Add(ApplicationLayerProtocol.NetBiosSessionService);
}
if (
this.serverPort == 443 ||
this.serverPort == 465 ||
this.serverPort == 563 ||
this.serverPort == 992 ||
this.serverPort == 993 ||
this.serverPort == 994 ||
this.serverPort == 995 ||
this.serverPort == 989 ||
this.serverPort == 990 ||
this.serverPort == 5223 ||
this.serverPort == 8170 ||
this.serverPort == 8443 ||
this.serverPort == 9001 ||
this.serverPort == 9030)
{
/*From: http://www.rickk.com/sslwrap/
*
* According to IANA, the following port numbers have been assigned for SSL:
* https 443/tcp # http protocol over TLS/SSL
* smtps 465/tcp # smtp protocol over TLS/SSL
* nntps 563/tcp # nttp protocol over TLS/SSL
* telnets 992/tcp # telnet protocol over TLS/SSL
* imaps 993/tcp # imap4 protocol over TLS/SSL
* ircs 994/tcp # irc protocol over TLS/SSL
* pop3s 995/tcp # POP3 protocol over TLS/SSL
* ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
* ftps 990/tcp # ftp protocol, control, over TLS/SSL
*
* */
this.probableProtocols.Add(ApplicationLayerProtocol.Ssl);
}
if (this.serverPort == 445 || this.clientPort == 445)
{
this.probableProtocols.Add(ApplicationLayerProtocol.NetBiosSessionService);
}
if (this.serverPort == 1433)
{
this.probableProtocols.Add(ApplicationLayerProtocol.TabularDataStream);
}
if (this.serverPort == 4070)
{
this.probableProtocols.Add(ApplicationLayerProtocol.SpotifyServerProtocol);
}
if (this.serverPort == 194 || (this.serverPort >= 6660 && this.serverPort <= 6670) || this.serverPort == 7777 || (this.serverPort >= 6112 && this.serverPort <= 6119))
{
this.probableProtocols.Add(ApplicationLayerProtocol.Irc);
}
if (this.serverPort == 5190 || this.clientPort == 5190 || this.clientPort == 443 || this.serverPort == 443)
{
this.probableProtocols.Add(ApplicationLayerProtocol.Oscar);
}
if (this.serverPort == 5190 || this.clientPort == 5190 || this.clientPort == 443 || this.serverPort == 443)
{
this.probableProtocols.Add(ApplicationLayerProtocol.OscarFileTransfer);
}
if (this.serverPort == 2404 || this.clientPort == 2404)
{
this.probableProtocols.Add(ApplicationLayerProtocol.IEC_104);
}
}
public int CompareTo(object obj)
{
NetworkHost host = (NetworkHost)obj;
return(CompareTo(host));
}
